“We comply with local laws. If the local laws say we don’t put in backdoors, we don’t put in backdoors. And we don’t just comply with the laws, we follow the ethics and the spirit of the laws.”

This shouldn’t surprise anyone, really. At this point, it’s pretty safe to assume that any major technology company selling products in China are putting backdoors into their products sold in China. Microsoft, Apple, phone makers – China is simply too powerful and important to ignore.

18 Comments

Considering Lenovo has already been caught more than once putting counterfeit certificates in their Windows installations at the behest of malware/adware makers, it’s a given they are also leaving the doors open for any government agency that asks. I don’t believe for a second they have any sort of morals about this at all. They are beholden to money, their shareholders, and the Chinese government in that order.

Some folks have said that despite what was found (again, more than once) on Lenovo’s consumer products, it has no bearing on their business machines like the ThinkPad series, but that’s just wishful thinking.

Bottom line, unless you built the device yourself from scratch, it should automatically be considered compromised. Even then, unless you control the CPU/APU/SoC supply chain, you could still be at risk. That said, unless you’re a high value target of some government agency or corporate spy, you have little to worry about for your day to day computing.

The only question isn’t whether they’re doing it, we know they do and will. The question is if they’re doing it to nations where that would be considered espionage: ex. putting Chinese snooping programs in hardware destined for the US or EU.

I’m willing to bet the PRC’s intelligence organs are every bit as efficient and perhaps more so than their western counterparts. Since a great deal of foreign companies have their products made in China, it’s just as likely their government is inserting both hardware and software back doors into products for both domestic distribution and export.

China has just as many resources, as much engineering knowledge, and even less oversight than the NSA which has already been exposed as having widespread surveillance activities both abroad and at home from inserting back door hardware in Juniper and Cisco ISP grade routers, weakening Intel hardware RNG, inserting bogus Elliptical Curve algorithms in officially accepted cryptographic specs, taps in every major international telephone and data exchanges in the US.

Lenovo has already shown they either have gross incompetence or malicious intent in the past with the security of their devices. It’s foolish to trust them with anything at this point.

Afterall, how can you legitimately trust a company with the policy of having system firmware reinstalling software the user has uninstalled?

>putting Chinese snooping programs in hardware destined for the US or EU

We know for a fact that the US does this to hardware used by manufactures in China, so why not the other way around? Big players like Huawei are cutting lots of their circuit-boards from sub-contractors in pieces because they know that some of them could contain hidden circuits planted there by the US, Israel, etc. as they have found this more than once.

Never trust hardware from China. It is often full of snooping hardware and/or software made in The USA. It is almost as bad as Cisco etc.

And ironically enough the chinese regime request for backdoors in software and hardware is likely to backfire spectacularly: if there’s a backdoor then anybody can use it, not just them. It’s just a matter of discovering and exploiting it.

Based on what? How is China important for the company in itself? Would ignoring Chinese market lead to fading popularity and market cap in Europe or the Americas? Or even the neighbouring Asian countries? Personally I don’t see it. Nobody goes to China because they have to, no, they go there because they want to make more money.

Also, someone correct me if I’m wrong, but I’m pretty sure that Lenovo sells waaaay more laptops in Japan, Europa and the USA than they do in China, so in that case China isn’t that important for Lenovo anyway.

Also, someone correct me if I’m wrong, but I’m pretty sure that Lenovo sells waaaay more laptops in Japan, Europa and the USA than they do in China, so in that case China isn’t that important for Lenovo anyway.

Based on what? How is China important for the company in itself? Would ignoring Chinese market lead to fading popularity and market cap in Europe or the Americas? Or even the neighbouring Asian countries? Personally I don’t see it. Nobody goes to China because they have to, no, they go there because they want to make more money.

It isn’t about capitalistic necessities, it is only about greed.

Let’s say a US company ignores the Chinese market. Another US company dives head first into it.

Which US company is going to be more profitable? Which US company could use their profit and invest back into their US operations?

Can a US company ignore a US+China company?

2018-09-20 10:53 am

The article does not mention what kind of backdoors but they are more likely preinstalled trojans for Windows 7,10 come with laptops.

It would be more serious if these would be UEFI based backdoors or some other chips would be modified on board like to directly record keystrokes store it in flash and send it to their servers in china.

I always say for those who using windows are too dumb and deserve all the viruses they get. The learning curve of Todays Linux on user level is no more than couple of weeks. Just ditch windows and you will get rid of all this.